January 2018
ACFE Member Profile
Shannon Grayer, CFE, CBM, CCEP
Head of Ethics and Compliance Investigations
CSRA Inc.
Shannon Grayer, CFE, CBM, CCEP may have earned his CFE more
than a decade ago, but his passion for learning more about the world and fraud
examination has never waned. The head of ethics and compliance investigations for
CSRA Inc. has lived in multiple countries, stays abreast of technological
advancements in the IT industry and works with major players in U.S. national
security. When he’s not on the job, you might catch him at a show or museum in
the Washington, D.C. area.
How did you become passionate
about fighting fraud?
Back
in the early 2000s I was a postal inspector for Canada Post Corporation in
Vancouver, focusing on physical security and investigation such as theft of
mail. One day, our main inspector for fraud-related matters unexpectedly left
the organization. There was no natural replacement at the time, so I was placed
in the role. As luck would have it, I took to the role like a duck to water — I
truly enjoyed uncovering misconduct and making a real difference for the
organization. Not long after, I started studying for my CFE Exam and came to
the realization that I had genuinely found my calling.
What is one of the biggest
lessons you have learned since becoming a CFE?
Never
stop learning because life never stops teaching. In this type of work there are
new surprises every day — some of which I suppose I could write a book about, though
I’m not convinced everyone would believe it. The learning keeps me on my toes, happy
and humble. In this broad, ever-evolving field even the experts can stand to
learn a few new tips and tricks.
What steps led you to your
current position at CSRA?
I
always wanted to broaden my career and my world, and that led me to live in
Europe for several years (specifically Prague, Czech Republic) where I led
Microsoft’s investigation team for the Europe, Middle East and Africa (EMEA)
region. A few years ago, I returned to the U.S. to become an investigations
lead for Computer Sciences Corporation (CSC). In late 2015 my current company, CSRA
Inc., was formed through a merger of CSC's North American Public Sector
business and SRA International.
Do you face any unique
challenges working for an IT company?
CSRA
Inc. provides IT services to U.S. government clients in national security,
civil government, health care and public health. Our largest market, national
security, includes the U.S. Department of Defense, U.S. Homeland Security, U.S.
Army, U.S. Air Force and intelligence agencies. We do work in our nation’s
infrastructure, in training and education, in cybersecurity and much more.
As
a “pure play” government IT services provider, we have an array of government
standards we must adhere to and various critical agency regulations that we are
required to comply with. I look at it as a tiered view in which everyone at the
company needs to meet laws, government regulations, and company policies and
expectations.
Moreover,
as with any IT company, the environment is fast-paced. The challenge is to remain
flexible and willing to adapt. Additionally, it is key to have a thirst for
knowledge since new service offerings and products appear. You need to
familiarize yourself with what is current and upcoming. Questions or concerns
that I am often asked to address can range from issues of ethical business
practices and compliance to financial, safety and security and human resources
matters.
What is a memorable case or
project that you have worked on?
Several
years ago, an IT program manager (responsible for developing proofs of concept and
managing tools to show customers best-in-class implementation) hired a partner
using a third-party payment provider (Company X). Over the course of a year, the
program manager routed more than half a million dollars in investment funding (i.e.,
discretionary monies he managed) through Company X.
Of
note, the many small-value purchase orders for this project did not reference the
actual partner engaged to perform the effort (Company Y). Moreover, the
referenced deliverables were very vague, with labels such as “project
management,” with no measurable milestones or engagement details. Over the
course of the year the project manager told his manager that Company X — where
the funds flowed through — was doing a tremendous job.
Near
the end of the year, the project manager was reassigned to a new manager, who
noticed an odd name on the purchase order where it mentioned the true company
performing work (Company Y). Realizing that Company X was simply a
pass-through, the new manager did some sleuthing and found a contact email
similar to the name of the project manager. The new manager escalated the issue
to my team for investigation.
The
investigation revealed the project manager had siphoned the entire half a million
dollars to pay for his personal desires and interests including opening a
nightclub and having expensive affairs with multiple women. The employee was
terminated and criminally charged, and ultimately restitution was ordered.
This
case was particularly impactful to me personally because two years later the
(now former) employee reached out to arrange a meeting with me. In that meeting
the former project manager revealed how personally devastating the intervening two
years had been from a financial and emotional perspective. However, his purpose
in contacting me was actually to thank me for treating him with dignity
throughout the investigation even though he had done terrible things and
destroyed his until-then promising career. He said he appreciated my
professionalism and respectfulness, despite the “crook” he had become at the
time. It was a truly unforgettable meeting, and one which not many
investigators get an opportunity to be part of.
When
I speak on this case, I often like to point to the old F.M. Hubbard quote, “Honesty pays, but it doesn’t seem to
pay enough to suit some people.”
How has earning the CFE
credential benefited your career?
I
can honestly say that I would not be where I am today without the CFE
credential, which I earned back in 2002. For the past few positions I have held,
the CFE certification was designated as a preferred (and at times required) credential
in the hiring process, so I know the CFE has been a key differentiator. I know
that CFEs are increasingly sought after nowadays. Whenever I seek to assess whether
job candidates are truly committed to, and engaged in, the fraud fighting field,
I look for the CFE certification.
What activities or hobbies do
you like to do outside of work?
I
enjoy live music of all kinds and that’s one reason I truly enjoy the D.C.-Maryland-Virginia
area. I’ve found there are many diverse music venues in this region so I am
never at a loss for good shows. I have also become somewhat of a museum
enthusiast since there are so many wonderful galleries around this area. Plus I
am a bit of sports junkie (go Hawks!)